REST Admin SSL files type

Use the REST Admin SSL files type to create configurations that contain certificates that can be used by the integration server or integration runtime administration REST API and for secure interactions between the App Connect Dashboard and an integration server or integration runtime.


Summary of key details for the configuration type

File name or type Contains secrets Path extracted/imported to Maximum allowed per integration server or integration runtime
ZIP

(Contains a set of PEM files)

 Yes /home/aceuser/adminssl/ 1

About the REST Admin SSL files file

The REST Admin SSL files type requires a ZIP file that contains a set of PEM files for use by the administration REST API. The administration REST API can be used to create or report security credentials for an integration server or integration runtime.

The .zip file contents are extracted into the directory /home/aceuser/adminssl, and can be referenced from the server.conf.yaml file to secure the REST API. To fully use this configuration, modify the server.conf.yaml file to reference the PEM files.

The maximum recommended size of a .zip file for a configuration is approximately 660 KB.

Only one configuration of type REST Admin SSL files can be specified per integration server or integration runtime.

Note:
By default, when you deploy an integration server or integration runtime, a configuration object of type REST Admin SSL files is automatically created and applied to that integration server or integration runtime. The configuration object is generated by using a predefined .zip file that contains self-signed certificates, together with a secret that stores the contents of this .zip file.
  • For integration servers, the configuration object is created with a metadata.name value of integrationServerName-is-adminssl, where integrationServerName is the assigned name of the integration server. The secret is also generated with the name integrationServerName-is-adminssl, which is then set as the spec.secretName value.
  • For integration runtimes, the configuration object is created with a metadata.name value of integrationRuntimeName-ir-adminssl, where integrationRuntimeName is the assigned name of the integration runtime. The secret is also generated with the name integrationRuntimeName-ir-adminssl, which is then set as the spec.secretName value.
The predefined .zip file contains three PEM files, which are added to the /home/aceuser/adminssl directory:
  • ca.crt.pem: The certificate authority (CA) certificate
  • tls.crt.pem: The TLS certificate
  • tls.key.pem: The TLS key

    In the YAML view for an integration server definition, this default configuration is enabled through the following custom resource (CR) setting, which is set to true by default:
    spec:
  adminServerSecure: true

    There is no equivalent CR setting that you can manually apply to an integration runtime. A default integrationRuntimeName-ir-adminssl configuration object is always generated if you do not choose to create your own. (If you are creating your own configuration object, give it an assigned name of integrationRuntimeName-ir-adminssl.)

It is expected that you create a configuration object of type REST Admin SSL files only if you want to use certificates from your own trusted CA instead of using the pre-supplied self-signed certificates. To set up REST Admin SSL with certificates that are signed by your preferred CA, complete the following steps:

  1. Create your certificate PEM files with identical names as the default names that are used for an auto-generated configuration: ca.crt.pem, tls.crt.pem, and tls.key.pem.
  2. Create a configuration object of type REST Admin SSL files, as described in Creating a configuration for the REST Admin SSL files type by using the configuration panel.

Creating a configuration for the REST Admin SSL files type by using the configuration panel

You can create a REST Admin SSL files-type configuration while creating an integration server or integration runtime, or independently, as follows:

  1. Open the Configuration page by clicking the Configuration icon Configuration icon in the navigation pane, or go to the Configuration view of an integration server or integration runtime that you are creating. Then, click Create configuration. For more information, see Managing configuration objects from the Configuration page.
  2. From the Create configuration panel, select REST Admin SSL files from the Type list.
  3. In the Name field, specify a name for this configuration.
  4. In the Description field, specify text that will help you identify the integration server or integration runtime administration API that will use the PEM files in the ZIP archive, or identify the content of the archive.
    Create configuration panel
  5. To import the PEM files, click within the boxed area to select the ZIP archive from a file browser, or drag-and-drop the file. The name of the imported file is displayed.
    Imported ZIP file
  6. Click Create. The configuration is added to the configurations table and can be selected for use with an integration server or integration runtime.

Updating or deleting a configuration

If you need to update the content or settings in a configuration, or delete a configuration that's no longer needed, see Managing configuration objects from the Configuration page.